As we enter the middle of summer, another wave of data breaches and leaks has made headlines. Here’s a recap of the major incidents that unfolded last month.

Qantas Data Breach

Qantas has disclosed a data breach affecting one of its contact centers, potentially exposing personal information of up to 6 million customers. The incident was discovered on June 30 and involved a third-party platform used by the airline’s customer service operations — not Qantas’s internal systems. The exposed data may include names, phone numbers, email addresses, dates of birth, and frequent flyer numbers. However, no financial information, passport details, passwords, or log-in credentials were compromised. Frequent flyer accounts remain secure.

Qantas has secured the affected system, notified authorities, and begun alerting impacted customers. A dedicated support line and information page have been set up to assist those affected. The company is still investigating the full extent of the breach but expects the data loss to be significant. The breach follows recent cyber incidents in the airline industry, with rising concerns about financially motivated groups increasingly targeting transportation networks.

Another AT&T Data Leak

A new AT&T data leak is circulating on hacker forums, containing over 86 million unique customer records and raising concerns that the company’s sensitive data may have been compromised once again. The leak includes full names, phone numbers, email addresses, physical addresses, dates of birth, and nearly 44 million Social Security numbers — now fully decrypted and exposed in plain text.

The hacker claims the data stems from AT&T’s April 2024 breach, tied to a widespread attack on Snowflake’s cloud platform that affected over 160 companies. However, discrepancies between this leak and earlier reports cast doubt on the link. Notably, the data format and contents differ from the previous breach, suggesting the possibility of either a separate leak or a repackaged version of the same dataset.

This isn’t the first time AT&T has been hit. In 2021, ShinyHunters claimed to have breached the company, and AT&T eventually confirmed that incident in 2024, admitting it affected more than 73 million customers. Now, with decrypted SSNs and complete personal profiles surfacing in a more organized format, the latest leak poses even greater risks for identity theft, fraud, and long-term privacy concerns. AT&T has yet to confirm the source of this new data.

Krispy Kreme Data Breach

Krispy Kreme has confirmed that a ransomware attack late last year exposed the personal information of over 161,000 individuals. The breach, which occurred in December 2024, disrupted operations and was later claimed by the Play ransomware group, who reportedly stole 184 GB of data and published it online after ransom demands were not met.

The exposed data includes names, dates of birth, Social Security numbers, driver’s license and passport numbers, financial and medical information, email credentials, biometric data, and more. Most of the affected individuals are current or former employees and their family members. The company disclosed to the Maine Attorney General that 161,676 people were affected — the only state requiring full disclosure of breach scope. Krispy Kreme said the breach caused over $11 million in losses in fiscal 2024, with costs expected to grow in 2025. Notification letters to affected individuals have now been sent.

Data Breach Hits Retailers like North Face and Cartier

North Face, Cartier, and Next Step Healthcare have become the latest targets in a wave of cyberattacks impacting both retail and healthcare sectors. The North Face disclosed a breach in April that exposed customer names, email addresses, shipping details, and past purchase history. The company believes the attack involved credential stuffing — where hackers used stolen credentials from other breaches to access reused log-ins. VF Corporation, its parent company, has faced similar issues, including a cyberattack on its Vans brand in late 2023.

Cartier also confirmed that an unauthorized party briefly accessed its systems, compromising limited customer data. While no passwords or financial details were exposed, the breach adds to the growing list of attacks against luxury and retail brands. Next Step Healthcare in Massachusetts reported a serious breach that occurred in June 2024. The ransomware group Qilin claimed responsibility for stealing highly sensitive data, including Social Security numbers, financial account information, medical records, and driver’s licenses. The incident affected more than 12,000 individuals across Massachusetts and New Hampshire.

Protect Yourself with Trend Micro ScamCheck

Data breaches and the leaking of users’ personal info to the dark web always leads to an increase in phishing scams. Introducing Trend Micro ScamCheck! Available for both Android and iOS, ScamCheck offers comprehensive protection from the latest deception:

• Scam Check: Instantly analyze emails, texts, URLs, screenshots, and phone numbers with our AI-powered scam detection technology. Stay secure and scam-free.
• SMS Filter & Call Block: Say goodbye to unwanted spam and scam calls and messages. Minimize daily disruptions and reinforce your defenses against phishing.
• AI Video Scan: Detect deepfakes in real-time during video calls, alerting you if anyone is using AI face-swapping technology to alter their appearance.
• Web Guard: Surf the web safely, protected from malicious websites and annoying ads.

To download Trend Micro ScamCheck or to learn more, click the button below. As ever, if you’ve found this article an interesting or helpful read, please SHARE it with friends and family to help keep the online community secure and protected. Also, please consider clicking the LIKE button or sharing your experience in a comment below. Here’s to a secure 2025!